Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 430486 (CVE-2012-3461) - <net-libs/libotr-3.2.1: multiple heap-based buffer overflows in base64 decoder (CVE-2012-3461)
Summary: <net-libs/libotr-3.2.1: multiple heap-based buffer overflows in base64 decode...
Alias: CVE-2012-3461
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
: 446858 (view as bug list)
Depends on:
Reported: 2012-08-08 18:42 UTC by Jason A. Donenfeld
Modified: 2013-09-15 04:50 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

libotr-3.2.0-r1.ebuild (libotr-3.2.0-r1.ebuild,817 bytes, text/plain)
2012-08-08 18:49 UTC, Jason A. Donenfeld
no flags Details
libotr-3.2.0-base64-overflow.patch (libotr-3.2.0-base64-overflow.patch,6.14 KB, patch)
2012-08-08 18:50 UTC, Jason A. Donenfeld
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jason A. Donenfeld gentoo-dev 2012-08-08 18:42:40 UTC
multiple heap-based buffer overflow flaws were found in the way the
Base64 decoder of libotr, an Off-The-Record Messaging library and
toolkit, performed decoding of certain messages. A remote attacker
could provide a specially-crafted OTR message that once processed
in an application linked against libotr would lead to that
application crash or, potentially, arbitrary code execution with
the privileges of the user running the application.

References: [1] [2]


Relevant upstream patches: [4];a=commitdiff;h=b17232f86f8e60d0d22caf9a2400494d3c77da58



Reproducible: Always
Comment 1 Jason A. Donenfeld gentoo-dev 2012-08-08 18:49:52 UTC
Created attachment 320740 [details]
Comment 2 Jason A. Donenfeld gentoo-dev 2012-08-08 18:50:08 UTC
Created attachment 320742 [details, diff]
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-08-20 23:05:38 UTC
CVE-2012-3461 (
  The (1) otrl_base64_otr_decode function in src/b64.c; (2)
  otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in
  src/proto.c; and (4) decode function in toolkit/parse.c in libotr before
  3.2.1 allocates a zero-length buffer when decoding a base64 string, which
  allows remote attackers to cause a denial of service (application crash) via
  a message with the value "?OTR:===.", which triggers a heap-based buffer
Comment 4 Michael Palimaka (kensington) gentoo-dev 2012-10-18 16:25:39 UTC
An initial fix is attached to this bug, 3.2.1 (current stable + fix) is available upstream, and 4.0.0 is now in the tree.

Anything I can do to help get this moving?
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 18:31:46 UTC
*** Bug 446858 has been marked as a duplicate of this bug. ***
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 18:35:05 UTC
net-im: please bump to 3.2.1 or higher
Comment 7 Sergey Popov gentoo-dev 2013-04-08 15:00:20 UTC
+  08 Apr 2013; Sergey Popov <> +libotr-3.2.1.ebuild:
+  Version bump, wrt bug #430486

Arches, please test and mark stable =net-libs/libotr-3.2.1

Target keywords: amd64 hppa ppc ppc64 sparc x86
Comment 8 Sergey Popov gentoo-dev 2013-04-08 17:12:53 UTC
amd64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2013-04-08 19:03:47 UTC
Stable for HPPA.
Comment 10 Agostino Sarubbo gentoo-dev 2013-04-11 19:01:20 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-04-11 19:29:58 UTC
ppc64 stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-04-12 15:19:56 UTC
x86 stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-04-13 07:33:57 UTC
sparc stable
Comment 14 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-11 14:56:29 UTC
GLSA request filed.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2013-09-15 04:50:34 UTC
This issue was resolved and addressed in
 GLSA 201309-07 at
by GLSA coordinator Chris Reffett (creffett).